Merged with upstream

Root 2021-04-09 14:53:40 -07:00
commit 6efccd8266
10 changed files with 79 additions and 328 deletions


@ -19,7 +19,6 @@
};
kernelModules = [ "kvm-amd" ];
externalModulePackages = [ ];
kernelPackages = pkgs.linuxPackages_latest;
loader.grub = {


@ -73,6 +73,7 @@ with lib;
};
interfaces = {
enp1s0.useDHCP = false;
intif0 = {
# output of: echo plato-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
macAddress = "02:25:b7:67:c4:c2";


@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
let primary-ip = "10.0.0.3";
in {
{
# TODO: remove?
nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
];
fudo.slynk.enable = true;
networking = {
@ -12,12 +15,8 @@ in {
enp4s0f0.useDHCP = false;
enp4s0f1.useDHCP = false;
extif0 = {
useDHCP = false;
ipv4.addresses = [{
address = primary-ip;
prefixLength = 22;
}];
intif0 = {
useDHCP = true;
};
};
};
@ -25,7 +24,7 @@ in {
fudo.ipfs = {
enable = true;
users = [ "niten" ];
api-address = "/ip4/${primary-ip}/tcp/5001";
api-address = "/ip4/0.0.0.0/tcp/5001";
};
# TODO: add camera
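Review bot: `nixpkgs.config.permittedInsecurePackages` re-enables a build that nixpkgs refuses by default (`openssh-with-gssapi-8.4p1`, tagged CVE-2021-28041 on the next line), and the only justification is `# TODO: remove?`. A waiver like this needs the reason and the removal condition on record; replace the TODO with something like `# Needed for <consumer>; drop once nixpkgs ships a patched openssh-with-gssapi`. The `api-address` change in the last hunk also deserves a look: if the `0.0.0.0` line is the new side, the IPFS API on port 5001 is reachable on every address instead of `primary-ip`, so confirm the firewall restricts it.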


@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
with lib; {
with lib;
let primary-ip = "10.0.0.21";
in {
config = {
environment.etc = {
nixos.source = "/state/nixos";
@ -23,7 +25,7 @@ with lib; {
systemd.tmpfiles.rules = [
"L /root/.gnupg - - - - /state/root/gnupg"
"L /root/.emacs.d - - - - /state/root/emacs.d"
# "L /root/.emacs.d - - - - /state/root/emacs.d"
"L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
"L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
@ -31,6 +33,23 @@ with lib; {
"L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
];
networking = {
defaultGateway = {
address = "10.0.0.1";
interface = "intif0";
};
interfaces = {
intif0 = {
useDHCP = false;
ipv4.addresses = [{
address = primary-ip;
prefixLength = 22;
}];
};
};
};
services = {
openssh = {
hostKeys = [
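Review bot: The tmpfiles rule for `/root/.emacs.d` appears to be replaced by a commented-out copy (`# "L /root/.emacs.d - - - - /state/root/emacs.d"`) sitting among the live rules. Commented-out configuration rots silently; delete the line and let git history keep it, or if it is meant to return, say why it is disabled in the comment.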


@ -73,6 +73,14 @@ in {
google-wifi = {
ipv4-address = "10.0.0.7";
mac-address = "7C:D9:5C:9F:6F:E9";
};
nostromo = {
ip-address = "10.0.0.10";
mac-address = "46:54:76:06:f1:10";
};
lambda = {
ip-address = "10.0.0.11";
mac-address = "02:f5:fe:8c:22:fe";
};
nostromo = {
ipv4-address = "10.0.0.10";
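Review bot: The added `nostromo` entry (`ip-address = "10.0.0.10"`) duplicates the `nostromo` attribute that already follows it at the end of the hunk (`ipv4-address = "10.0.0.10"`), assuming those trailing lines are unchanged context as the hunk's line counts suggest; Nix rejects a repeated attribute name in one attrset, so the new block should be dropped. The added `lambda` entry also uses `ip-address` where the surrounding entries use `ipv4-address`; rename it to `ipv4-address = "10.0.0.11";` so the key matches what the rest of the file, and presumably its consumer, expects.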


@ -20,7 +20,8 @@ let
$WALL "$1 exists, rebooting system"
${pkgs.systemd}/bin/reboot
else
$WALL "$1 does not exist, aborting reboot."
$WALL "$1 does not exist, switching config."
nixos-rebuild switch
fi
exit 0
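Review bot: The new branch calls `nixos-rebuild switch` by bare name while the sibling branch uses an absolute store path (`${pkgs.systemd}/bin/reboot`); if this script runs from a systemd unit, where NixOS provides a minimal PATH, the bare name may not resolve, and the unconditional `exit 0` that follows hides the failure. Prefer the absolute path, e.g. `${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch` if `config` is in scope, and let the script exit with the rebuild's status instead of always 0. The enclosing script starts before the hunk.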


@ -9,6 +9,7 @@
dynamic-network = "10.0.1.0/24";
timezone = "America/Los_Angeles";
gateway-host = "nostromo";
deploy-pubkey = "ssh-rsa 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";
# FIXME: good idea?
# network-mounts = {
# "/mnt/documents" = {


@ -1,86 +0,0 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
hosts = {
clunk = {
ipv4-address = "10.0.0.1";
mac-address = "02:44:d1:eb:c3:6b";
};
dns-proxy = {
ipv4-address = "10.0.0.2";
# This is just a second IP on clunk, for the pihole
};
google-wifi = {
ipv4-address = "10.0.0.11";
mac-address = "70:3a:cb:c0:3b:09";
};
pselby-work = {
ipv4-address = "10.0.0.151";
mac-address = "00:50:b6:aa:bd:b3";
};
downstairs-desktop = {
ipv4-address = "10.0.0.100";
mac-address = "90:b1:1c:8e:29:cf";
};
upstairs-desktop = {
ipv4-address = "10.0.0.101";
mac-address = "80:e8:2c:22:65:c2";
};
};
aliases = {
dns-hole = "clunk";
gateway = "clunk";
upstairs = "upstairs-desktop";
downstairs = "downstairs-desktop";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "clunk.${local-domain}";
}];
};
udp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
}


@ -1,214 +0,0 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
aliases = {
kadmin = "nostromo";
kdc = "nostromo";
photo = "doraemon";
music = "doraemon";
panopticon = "lambda";
panopticon-od = "lambda";
ipfs = "nostromo";
hole = "nostromo";
pihole = "nostromo";
dns-hole = "nostromo";
mon-1 = "srv-1";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "nostromo.sea.fudo.org";
}];
ldap = [{
port = 389;
host = "france.fudo.org";
}];
};
udp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
hosts = {
nostromo = {
ip-address = "10.0.0.1";
mac-address = "46:54:76:06:f1:10";
};
lm = {
ip-address = "10.0.0.2";
mac-address = "00:23:7d:e6:d9:ea";
};
lambda = {
ip-address = "10.0.0.3";
mac-address = "02:50:f6:52:9f:9d";
};
switch-master = {
ip-address = "10.0.0.5";
mac-address = "00:14:1C:B6:BB:40";
};
google-wifi = {
ip-address = "10.0.0.7";
mac-address = "7C:D9:5C:9F:6F:E9";
};
cam-entrance = {
ip-address = "10.0.0.31";
mac-address = "9c:8e:cd:0e:99:7b";
};
cam-driveway = {
ip-address = "10.0.0.32";
mac-address = "9c:8e:cd:0d:3b:09";
};
cam-deck = {
ip-address = "10.0.0.33";
mac-address = "9c:8e:cd:0e:98:c8";
};
cargo = {
ip-address = "10.0.0.50";
mac-address = "00:11:32:75:d8:b7";
};
whitedwarf = {
ip-address = "10.0.0.51";
mac-address = "00:11:32:12:14:1d";
};
doraemon = {
ip-address = "10.0.0.52";
mac-address = "00:11:32:0a:06:c5";
};
android = {
ip-address = "10.0.0.81";
mac-address = "00:16:3e:43:39:fc";
};
retro-wired = {
ip-address = "10.0.0.82";
mac-address = "dc:a6:32:6b:57:43";
};
retro = {
ip-address = "10.0.0.83";
mac-address = "dc:a6:32:6b:57:45";
};
monolith = {
ip-address = "10.0.0.100";
mac-address = "6c:62:6d:c8:b0:d8";
};
taipan = {
ip-address = "10.0.0.107";
mac-address = "52:54:00:34:c4:78";
};
spark = {
ip-address = "10.0.0.108";
mac-address = "78:24:af:04:f7:dd";
};
hyperion = {
ip-address = "10.0.0.109";
mac-address = "52:54:00:33:46:de";
};
zbox = {
ip-address = "10.0.0.110";
mac-address = "02:dd:80:52:83:9b";
};
ubiquiti-wifi = {
ip-address = "10.0.0.126";
mac-address = "04:18:d6:20:48:fb";
};
generator-wireless = {
ip-address = "10.0.0.130";
mac-address = "B8:27:EB:A6:32:26";
};
brother-wireless = {
ip-address = "10.0.0.160";
mac-address = "c0:38:96:64:49:65";
};
nest = {
ip-address = "10.0.0.176";
mac-address = "18:b4:30:16:7c:5a";
};
xixi-phone = {
ip-address = "10.0.0.193";
mac-address = "48:43:7c:75:89:42";
};
ipad = {
ip-address = "10.0.0.202";
mac-address = "9c:35:eb:48:6e:71";
};
cam-front = {
ip-address = "10.0.0.203";
mac-address = "c4:d6:55:3e:b4:c3";
};
family-tv = {
ip-address = "10.0.0.205";
mac-address = "84:a4:66:3a:b1:f8";
};
babycam = {
ip-address = "10.0.0.206";
mac-address = "08:ea:40:59:5f:9e";
};
workphone = {
ip-address = "10.0.0.211";
mac-address = "a8:8e:24:5c:12:67";
};
chromecast-2 = {
ip-address = "10.0.0.215";
mac-address = "a4:77:33:59:a2:ba";
};
front-light = {
ip-address = "10.0.0.221";
mac-address = "94:10:3e:48:94:ed";
};
# Ceph network
srv-1 = {
ip-address = "10.0.10.1";
mac-address = "02:65:d7:00:7d:1b";
};
node-1 = {
ip-address = "10.0.10.101";
mac-address = "00:1e:06:36:81:cf";
};
node-2 = {
ip-address = "10.0.10.102";
mac-address = "00:1e:06:36:ec:3e";
};
node-3 = {
ip-address = "10.0.10.103";
mac-address = "00:1e:06:36:ec:4b";
};
node-4 = {
ip-address = "10.0.10.104";
mac-address = "00:1e:06:36:dd:8c";
};
};
}


@ -95,6 +95,12 @@ let
description = "Location of Dropbear ECDSA key.";
default = "/etc/dropbear/host_ecdsa_key";
};
dropbear-deploy-port = mkOption {
type = port;
description = "Port to be used for the deploy SSH server.";
default = 2112;
};
};
};
@ -107,16 +113,30 @@ in {
config = mkIf (site-cfg.deploy-pubkey != null) {
environment.etc."dropbear/authorized_keys" = {
text = "root@deploy ${site-cfg.deploy-pubkey}";
text = "${site-cfg.deploy-pubkey} root@deploy";
mode = "0400";
};
systemd.services = let dropbear-port = 2112;
in {
networking.firewall.allowedTCPPorts = [ site-cfg.dropbear-deploy-port ];
dropbear-init = {
wantedBy = [ "multi-user.target" ];
script = ''
systemd = {
sockets = {
dropbear-deploy = {
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "0.0.0.0:${toString site-cfg.dropbear-deploy-port}";
Accept = true;
};
unitConfig = {
restartIfChanged = true;
};
};
};
services = {
dropbear-deploy-init = {
wantedBy = [ "multi-user.target" ];
script = ''
if [ ! -d /etc/dropbear ]; then
mkdir /etc/dropbear
chmod 700 /etc/dropbear
@ -132,15 +152,18 @@ in {
${pkgs.coreutils}/bin/chmod 0400 ${site-cfg.dropbear-ecdsa-key-path}
fi
'';
};
};
dropbear = {
requires = [ "dropbear-init.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
type = "simple";
ExecStart = "${pkgs.dropbear} -F -m -s -j -k -p ${dropbear-port}";
"dropbear-deploy@" = {
description = "Per-connection service for deployment, using dropbear.";
requires = [ "dropbear-deploy-init.service" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.dropbear}/bin/dropbear -F -i -m -s -j -k -r ${site-cfg.dropbear-rsa-key-path} -r ${site-cfg.dropbear-ecdsa-key-path}";
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
StandardInput = "socket";
};
};
};
};
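Review bot: `dropbear-deploy@` declares `requires = [ "dropbear-deploy-init.service" ]` but orders itself only `after = [ "network.target" ]`; Requires= does not imply ordering, so a connection instance can start before the init script has created the host keys it passes with `-r` — change it to `after = [ "network.target" "dropbear-deploy-init.service" ];`. In the socket unit, `restartIfChanged` is placed inside `unitConfig`, which NixOS writes verbatim into the `[Unit]` section where systemd does not know that key; the NixOS option belongs at the unit level (`systemd.sockets.dropbear-deploy.restartIfChanged`), if this NixOS version honours it for sockets. The socket also listens on `0.0.0.0` and `allowedTCPPorts` opens the port on every interface; if the deploy server is only meant to be reached from the internal network, bind `ListenStream` to that address or scope the firewall rule to the interface. `ExecReload` sending HUP to a per-connection `-i` instance has no reload to perform and can be dropped.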